Configuring cluster security services

You can administer cluster security services for management domains and RSCT peer domains.

On AIX®, Linux®, and Solaris systems, RSCT's cluster security services provide the security infrastructure that enables RSCT components to authenticate and authorize the identity of other parties.

Authentication is the process of ensuring that a party is who it claims to be. Using cluster security services, cluster applications such as the configuration resource manager can check that other parties are genuine and are not attempting to gain unwarranted access to the system.

Authorization is the process by which a cluster software component grants or denies resources based on certain criteria. Currently, the only RSCT component that implements authorization is RMC, which uses access control list (ACL) files to control user access to resource classes and their resource instances. In these ACL files, you can specify the permissions that a user must have to access particular resource classes and resources. The RMC component subsystem uses cluster security services to map the operating system user identifiers specified in the ACL file to network security identifiers to determine whether the user has the correct permissions. This process of mapping operating system user identifiers to network security identifiers is called native identity mapping.

Administrative tasks related to cluster security services fall into the following broad task categories:
  • Configuring the cluster security services library
  • Configuring the host-based authentication mechanisms
  • Configuring the global and local authorization identity mappings